Tag Archives: Palo Alto Networks

Palo Alto Networks : Not Enough Cybersecurity Staff In Healthcare

Palo Alto Networks revealed that despite an increase in cybersecurity budgets, there is a lack of dedicated cybersecurity staff in the healthcare industry.

 


SINGAPORE, 29 November 2017 – As the adoption of digital technology in the healthcare industry accelerates, there is an increasing need to protect another side of patients’ and healthcare organisations’ well-being – the security of their personal data. This emphasis on protecting data and mitigating cyberthreats is reflected in the industry’s significant investment into cybersecurity.

According to a recent survey * by Palo Alto Networks, about 70 percent of healthcare organisations in Asia-Pacific say that 5 to 15 percent of their organisation’s IT budget is allocated to cybersecurity.

The survey was conducted amongst more than 500 business professionals in APAC, covering Australia, China, Hong Kong, India and Singapore markets.

However, despite substantial budgets, the healthcare industry appears to need to catch up with its industry peers in terms of cybersecurity talent: only 78 percent have a team in their organisations dedicated to IT security, the lowest among the industries surveyed. This is also well below the industry-wide average of 86 percent.

 

Risk factors

Aside from monetary loss associated with data breaches and availability of connected devices which monitor patient lives, healthcare professionals are most worried about the loss of clients’ contacts, financial or medical information – 30 percent have cited loss of details as key. Fear of damaging the company’s reputation among clients comes next at 22 percent, followed by 17 percent citing company downtime while a breach is being fixed as a concern.

Cybersecurity risks in healthcare organisations are also amplified with BYOD (Bring Your Own Device), with 78 percent of organisations allowing employees to access work-related information with their own personal devices such as their mobile phones and computers. In addition to this, 69 percent of those surveyed say they are allowed to store and transfer their organisation’s confidential information through their personal devices.

While 83 percent claimed there are security policies in place, only 39 percent admit to reviewing these policies more than once a year – lower than the 51 percent of respondents from the finance industry, a sector also known to hold sensitive client data.


 

Call to get in shape for the future

As more healthcare organisations fall prey to cyberattacks, such as ransomware, a lapse in data security is a real threat to the industry, hence organisation-wide education and awareness are crucial towards ensuring that the right preventive measures are implemented and enforced.

54 percent of respondents cited an inability to keep up with evolving solutions as a barrier to ensuring cybersecurity in their organisations, and 63 percent of respondents named an ageing internet infrastructure as the likely main reason for cyberthreats, should they happen.

 

Palo Alto Networks Tips For Healthcare Organisations

Here are some tips for healthcare organisations:

  • Ensure that medical devices are equipped with up-to-date firmware and security patches to address cybersecurity risks. Medical devices are notoriously vulnerable to cyberattacks because security is often an afterthought when the devices are designed and maintained by the manufacturer. These precautionary measures may include keeping an inventory of all medical devices, assessing the network architecture and determining a patch management plan for medical devices, as well as developing a plan to migrate medical devices to the medical device segment.
  • Apply a zero trust networking architecture for hospital networks, making security ubiquitous throughout, not just at the perimeter. Healthcare organisations should look to segment devices and data based on their risk, inspecting network data as it flows between segments, and requiring authentication to the network and to any application for any user on the network.
  • Practices such as BYOD and some employees’ ability to store and transfer confidential information through their personal devices put them at a higher risk of phishing attacks. To prevent this, healthcare providers should ensure that staff undergo regular end-user security training to reduce successful phishing. Cybersecurity best practices can be taught as a new hire class for every employee.
  • As healthcare organisations migrate portions of their critical infrastructure and applications to the cloud, it becomes imperative to deploy an advanced and integrated security architecture that prevents cyberattacks on three prongs: the network, the endpoint and the cloud. Traditional antivirus will not be effective in guarding against advanced malware such as ransomware, which continuously changes to avoid detection.


AceDeceiver : First iOS Trojan Exploits Apple DRM Design

Palo Alto Networks discovered a new family of iOS malware that successfully infected non-jailbroken devices. They’ve named it “AceDeceiver”.

What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates, as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even though Apple has removed AceDeceiver from the App Store, it may still spread thanks to a novel attack vector.

AceDeceiver is the first iOS malware they’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called “FairPlay Man-In-The-Middle (MITM)” and has been used since 2013 to spread pirated iOS apps, but this is the first time they’ve seen it used to spread malware.

Note : The FairPlay MITM attack technique was also presented at the USENIX Security Symposium in 2014; however, attacks using this technique are still occurring successfully.

 

AceDeceiver Sneaks Into App Store

Three different iOS apps in the AceDeceiver family were uploaded to the official App Store between July 2015 and February 2016, and all of them claimed to be wallpaper apps.

These apps successfully bypassed Apple’s code review at least seven times (including the first time each was uploaded and then four rounds of code updates, which require an additional review by Apple for each instance) using a method similar to that used by ZergHelper, where the app tailors its behavior based on the physical geographic region in which it’s being executed.

In this case, AceDeceiver only displays malicious behaviors when a user is located in China, but that would be easy for the attacker to change at any time.

Apple removed these three apps from the App Store after Palo Alto Networks reported them in late February 2016. However, the attack is still viable because the FairPlay MITM attack only requires these apps to have been available in the App Store once. As long as an attacker could get a copy of the authorization from Apple, the attack doesn’t require current App Store availability to spread those apps.

 

How AceDeceiver Works

To carry out the attack, the author created a Windows client called “爱思助手 (Aisi Helper)” to perform the FairPlay MITM attack. Aisi Helper purports to be software that provides services for iOS devices such as system re-installation, jailbreaking, system backup, device management and system cleaning.


But what it’s also doing is surreptitiously installing the malicious apps on any iOS device that is connected to the PC on which Aisi Helper is installed. (Of note, only the most recent app is installed on the iOS device(s) at the time of infection, not all three at the same time.) These malicious iOS apps provide a connection to a third-party app store controlled by the author, from which users can download iOS apps or games.

The apps encourage users to input their Apple IDs and passwords for more features, and the credentials provided are uploaded to AceDeceiver’s C2 server after being encrypted. Palo Alto Networks also identified some earlier versions of AceDeceiver that had enterprise certificates dated March 2015.
